Cybersecurity Expert Theresa Payton on Protecting Your Brand

“There’s this old-school thought that you can prevent a security breach before it happens, but you can’t,” said Theresa Payton, former White House chief information officer and the president and CEO of Fortalice, a cybersecurity consulting firm. “But new technology, by design, is an open system. A breach is inevitable.”

You must be prepared for a crisis, and practicing for a digital disaster is critical for all businesses, she said during the General Session on Oct. 24. “You need to have a proactive communications plan. It’s a fine balancing act. How do you plan for the worst, but provide the best customer service?”

When working in the financial services industry, Payton realized that companies “weren’t designing for the human psyche,” she said. “The system was too clunky. Rather than explain it better, we needed to design it better.”

She suggests thinking about your company’s top two most critical assets and asking yourself: “What’s in the line of sight?” Also, practicing for digital disaster is key. A few important action items: Review contracts with vendors, choose representatives to speak, brainstorm in groups, discuss permissions, review privacy settings and remember to focus on the customer too.

“Security is broken,” Payton said, adding that 44 percent of people believe they are on their own and don’t have the proper resources after a data breach. Also, super phishing is on the rise and has been associated with some of the largest cyberattacks in recent history (Sony, Target). “It’s so sophisticated, there’s nothing you can really do,” she said. So you must be proactive.

Incidents are often leaked before the victims can investigate, and companies face several waves of unwanted media over the course of the breach that must be managed. “A data breach is the only crime that we blame on the victim,” Payton said. “You can win your customers back if you are transparent. Be quick, effective and consistent.”

Avoid quoting a specific figure right away; it can look bad, Payton said. Say that the “forensics are ongoing,” as the security team won’t have had enough time to process everything and the numbers will be subject to change. Also, ask a developer or third-party vendor about having a kill switch in the event of a data breach, and creating an alternate plan to reach customers.

Social media is making it possible for information about a breach to spread quickly, she said. Ninety-five percent of data breaches are due to human error and 78 percent are due to tricking users, who are easy targets for hackers, she said.

“Forty percent of global consumers believe that failure to keep customer information secure has a significant negative impact on trust in a company,” Payton said. “This is the new norm. This is where we’re headed. Do you have a backup plan?”

Amy Jacques is the managing editor of PRSA's publications. A native of Greenville, S.C., she holds a master’s degree in arts journalism from Syracuse University’s S.I. Newhouse School. She also holds a bachelor’s degree in advertising from the University of Georgia’s Grady College and a certificate in magazine and website publishing from New York University.